Facebook Fan Page iFrames Fail in HTTPS

This is a follow-up to my earlier post, An Overview of Facebook Latest Updates. As mentioned in this article, Facebook rolled out a new iframe feature for Fan Pages that allowed developers to frame in unique content, greatly increasing the functionality of Fan Page tabs… or at least, that was what we’d hoped for.

Unfortunately, it appears as though this feature fails miserably when users switch their account security settings in order to browse Facebook on a secure connection (https) whenever possible (Facebook is set to browse using an unsecure connection (http) as default). With threats like Firesheep making the Internet rounds, it only makes logical sense for users to bolster their security settings, and it’s something we at CIK Marketing highly recommend (to change your Facebook security settings, log into your account, click the “Account” link in the top right hand corner, and select “Account Settings.” Click the “change” link beside “Account Security” and select the “Browse Facebook on a secure connection (https) whenever possible.”)

Blank Pages Instead of iframes

Once a user has updated to browse Facebook using https, fishy things start happening on Fan Pages. Instead of rendering the content of custom tabs that are using the new iframe feature, Facebook simply displays a blank page. Test it out – visit the non-secure custom tab for the Chatham-Kent Police Service – make sure the URL starts with http://). Now, visit the secure custom tab for the same company make sure the url starts with https:// – notice anything different?)

Is There a Fix in Sight?

Statement from Facebook on the Facebook Bug Tracker Forum

Obviously, I’m not the only person asking for answers from Facebook. A fix is in the works, and is expected to roll out to production on Tuesday (TUESDAY?!?!) next week. Developers can track the progress on the official Facebook Bug Tracker Forum.

Now if you’ll excuse me, I have a number of apologetic emails to write to angry clients explaining to them that their custom tabs are probably not showing to the vast majority of their Fans… Is it Saturday yet?

5 thoughts on “Facebook Fan Page iFrames Fail in HTTPS

  1. Another of Facebook’s new quirks – if you’re not logged into Facebook, you won’t see any iframe content. So try logging into your profile then clicking the links, that should work.

  2. Do you have any news today? I try to build a Facebook application, and I encounter the same problem : visitors connected with https can’t see the content of my application. It seems that Facebook wants to keep the secure connexion iframe.

  3. Just figured this out… Users with their security settings set to “use secure browsing where possible” will not see any custom tab content unless your server has SSL encryption installed on it.

    Hope that helps.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>